- Sysmon v11.0:
- This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.
Download -Changes in 2020.11.04:
January 12, 2021
- Sysmon v13.00:
- This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.
- Process Monitor v3.61:
- This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.
September 22, 2021
- Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, VirusTotal and signed files regressions fixes.